Tuesday, 9 July 2013

PRISM: EU approves inquiry into NSA cyber snooping

US and EU buildings
The European Parliament has approved plans to launch an investigation into the US's PRISM cyber snooping programme, following allegations that the National Security Agency (NSA) bugged and spied on government ministers in the region.
The investigation was approved by 483 votes to 98 with 65 abstentions. It will be overseen by the Parliament's Civil Liberties Committee, which will mount an "in-depth inquiry into the US surveillance programmes, including the bugging of EU premises."
The investigation will conclude by the end of the year, when the committee will present its findings to the European Parliament.
The news follows reports that US governments had been spying on European government and Commission officials as a part of their PRISM data collection campaign. Prior to the inquiry the EU Commission and Parliament demanded the US government reveal the extent of its spying campaign.
Since the PRISM scandal, reports have emerged claiming that several EU nation states including the UK, Sweden, the Netherlands and France are carrying out similar cyber snooping campaigns. The UK is believed to be one of the worst offenders, with reports suggesting the GCHQ is collecting vast reserves of data by tapping into global telecoms cables, under an operation called Tempora.
The Parliament announced plans to help protect citizens from programmes like PRISM. These included reforms to help protect whistleblowers, like ex-CIA analysts Edward Snowden who originally leaked the details of PRISM. The protection measures will include discussions about nations' power to suspend citizens' passports and bank accounts, and whether such practices are ethical.
The EC also indicated that it would be willing to reconsider Europe's trade relationship with the US if the nation continued to refuse to co-operate, with MPs saying such a scenario would be "unfortunate". At the time of publishing the US Department of Defense had not responded to V3's request for comment on the inquiry.

Google plugs 'Master Key' security flaw afflicting 99 percent of Android users

Google logo
Google has released an emergency fix plugging a security vulnerability that was affecting 99 percent of all Android devices.
A Google spokesman confirmed to V3 the company has released the patch to core partners and OEMs, but added the firm is yet to see any evidence suggesting the flaw has been actively exploited by cyber criminals.
Even with the patch fix released, it will still remain up to manufacturers and partner companies to roll it out to the general public. In the past companies have been slow to release updates to Android.
The vulnerability was originally reported by security firm Bluebox and reportedly affects every version of Android since 1.6. and could be used to target any Google phone or tablet released in the last four years.
Bluebox security chief technology officer Jeff Forristal said the flaw relates to the cryptographic signature of Android apps. Theoretically if exploited the flaw could allow hackers to turn legitimate applications into defence-dodging Trojans.
This is largely due to the fact most companies, like Samsung, Sony and HTC have chosen to customise the Android version used on their devices which need to be optimised for each new version of the OS released by Google.
The slow update cycle means that in the past older versions of Android, like Gingerbread have been the most commonly used. It was only this month that Google's latest Jelly Bean Android version overtook Gingerbread to become the most common version of the OS.
Security experts have highlighted the slow update cycle as causing numerous problems outside of the Master Key issue reported by Bluebox. Most recently experts from Trend Micro and Kaspersky said even with the release Android's fragmented nature makes it difficult to fully secure the operating system, making it laborious and costly for security firms to fully support all Android versions.

Google Android Jelly Bean overtakes Gingerbread as most used smartphone and tablet OS

Android Jelly Bean Google
Google's Jelly Bean Android version has finally overtaken the near two-year-old Gingerbread to become the most common variant. However, ongoing fragmentation is still leaving users open to attack, according to the security community.
The latest statistics from the Android Developer Forum show that Android Jelly Bean is now running on 37.9 percent of all Google smartphones and tablets, with 32.3 percent running on Android 4.1 and 5.6 percent on the latest 4.2 update. This beats the older Gingerbread version, which is pegged as having a 34.1 percent share of the ecosystem.
The number is a marked improvement on the figures shown in the last quarter, when Gingerbread was believed to run on 44.2 percent of all Android devices, dwarfing Jelly Bean's 16.5 percent share. Between the two, Android Ice Cream Sandwich's share also shrunk from 28.6 percent to 23.3 percent.
Despite the positive news security experts remain concerned about the ongoing fragmentation in the ecosystem. Trend Micro's Rik Ferguson told V3 even with the figures the slow uptake of new Android updates is causing a massive headache for security firms trying to secure the ecosystem.
"The ongoing and historical fragmentation in the Android user base has unfortunately become a fact of life and that means vulnerabilities or lack of security features for a large percentage of users, vulnerabilities that will likely never be fixed," he told V3.
"The major problem is the lack of a centralised means of providing critical security fixes for all versions of operating systems and this is something that should be resolved with all speed.
"Right now the responsibility for distributing updates lies primarily with handset manufacturers and carriers, and their major motivation is often more in persuading you to buy a newer handset than in prolonging the life of your older one."
The news is doubly disturbing as it follows reports that an Android 'Master Key' that is potentially exploitable by hackers has been discovered. Security firm Bluebox reported uncovering the key earlier this week, claiming it affects all versions of Android and is leaving 99 percent of Google smartphone and tablet users vulnerable to attack and requires an emergency patch fix.
Kaspersky's David Emm told V3 the fragmentation will make fixing the 'Master Key' even more difficult.
"Regarding the existence of a ‘Master Key' for Android, it is positive that the leak has been reported to Google, but there is a strong possibility that devices running older Android versions will remain vulnerable," he said.
"As always, the key for users is to keep updating their software to protect against the latest threats."

If Israel Can't Protect Its Private Sector From Hackers, Who Can?

Israeli computers are already among the most targeted  and best protected -- in the world, with thousands of cyber-attacks on government sites fended off daily.
That's all well and good, but what about the private sector, where drug and food manufacturers and Internet service providers offer hackers relatively easy targets?
"In an orchestrated cyber-attack on Israel  not by a few kids and Anonymous, but a nation-backed attack  we could find ourselves in a bad way if we don't do something about our exposed civilian 'cyber' vulnerabilities," said Gabi Siboni, military and strategic affairs program director at Tel Aviv's Institute for National Security Studies.
The institute is hosting a cybersecurity conference this week, where Siboni spoke today. Yaakov Perry, the Israeli minister of science, technology and space, and Eviatar Matania, the head of the National Cyber Bureau, are also scheduled to speak at the conference. It's Israel's second major cybersecurity convention in the last month.
"Why should an assailant attack what we call critical infrastructure like Israel Electric Corp, when he knows he will need to exert himself to penetrate it because it is a national infrastructure that is regulated and protected?" Siboni said. "He's better off going after the unprotected that may do less damage but nonetheless harm Israel."
Just knowing it's at risk puts Israel ahead of the rest of the world as Siboni said he wasn't sure any country had an organized approach on how best to protect the civilian sector from hackers. In the U.S., the National Institute of Standards and Technology this month sought feedback on a voluntary framework to secure critical infrastructure from cyber-attacks by Iran and its proxies: Lebanon's Hezbollah and the Palestinian Hamas.
Israel's awareness is piqued by a rise, reported last month by Prime Minister Benjamin Netanyahu, in such attacks by Iran, Lebanon's Hezbollah and the Palestinian Hamas. In April, hackers briefly shut down several government websites in a coordinated assault protesting Israel's treatment of the Palestinians. Last year during fighting in the Gaza Strip, millions of attacks on websites were deflected.
Israel established the National Cyber Bureau two years ago to protect vital computer systems from attack. The Israel Security Agency, also known as the Shin Bet, also has a unit focused on the issue.
The two should merge so one operation is responsible for defending the civilian sector, Siboni has proposed to policy makers. The organization would establish information-security standards for businesses that will be similar to those that ensure adequate safety measures for fires.
An official at the Cyber Bureau declined to comment on Siboni's remarks.
"Let's say they attack all news providers," said Siboni. "What happens if no one knows what is going on?"

EU businesses can be shut down by new cyber law

New laws on cyberattacks voted in by the European parliament will allow any business found to be engaging in hacking or any other cyber crime to be closed down.
The new framework   will require member states to "take necessary measures” to make sure that firms who indulge in any kind of cybercrime can now be held accountable. The rules allow member states to serve punishment even if an employee carried out hacking without bosses’ knowledge.
Sanctions will vary, depending on the crime committed and include: "exclusion from entitlement to public benefits or aid; temporary or permanent disqualification from the practice of commercial activities; placing under judicial supervision; judicial winding-up; temporary or permanent closure of establishments which have been used for committing the offence", the EP document stated.
The European Commission said that the draft laws are an update to a 2005 framework, to make it more secure for businesses and to stop the "massive spread of malware”.
Last week  it emerged that in the UK, businesses are being attacked on an "industrial scale”, with around 70 sophisticated attacks being carried out each month.
Those found carrying out cyberattacks could also face up to 5 years in prison under the news laws. This is especially true of those that "cause serious damage” and those that are carried out on a "critical infrastructure information system".
"This is an important step to boost Europe's defences against cyber-attacks," the EU's Commissioner for Home Affairs, Cecilia Malmström, said.
"Attacks against information systems pose a growing challenge to businesses, governments and citizens alike. Such attacks can cause serious damage and undermine users' confidence in the safety and reliability of the Internet."
"The perpetrators of increasingly sophisticated attacks and the producers of related and malicious software can now be prosecuted, and will face heavier criminal sanctions".
She went on to say that member states would have to move quickly when it comes to urgent requests and this was intended to improve EU "justice and police cooperation”.

Hackers using PRISM-phishing Java RAT to steal government data

Cyber criminals are targeting government agencies with phishing messages containing a dangerous Java remote access tool (RAT).
Symantec researcher Andrea Lelli reported uncovering the threat, confirming that the messages are designed to entice government workers to download the attachments by masquerading as news announcements and messages about the PRISM scandal.
"We recently came across an attack campaign which looked quite unusual compared to the standard attacks normally seen in the wild. This campaign is targeting government agencies by sending phishing emails with a malicious attachment. Nothing new so far, except for one thing: the malicious payload is a Java remote access tool (RAT)," wrote Lelli on a company blog.
"As we all know, cyber criminals tend to use recent hot media topics to entice users. In the case of this campaign they are using the recent news coverage surrounding the NSA surveillance programme PRISM."
Lelli highlighted the use of the RAT as particularly troubling, as it grants the attackers several advanced powers over compromised machines. "This applet is a RAT named jRat, it is available for free and Symantec detects it as Backdoor.Jeetrat.
This threat can give full control of the compromised computer to a remote attacker," wrote Lelli.
"More importantly, because it is a Java applet the threat is able to run on multiple operating systems, not just Windows. In fact, the threat has a builder tool that allows you to build your own customised versions of the RAT, and we can see that when it comes to the targeted operating systems, the choice is very broad."
The Symantec researcher said the malware used is a modified version of one used in a previously detected attack. "This malicious RTF document exploits the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158), detected by Symantec as Bloodhound.Exploit.457," wrote Lelli.
"The attack has been simplified as it does not involve the use of an exploit, nor an executable shellcode/payload, but simply relies on a Java applet. Nonetheless, it is no less dangerous than the older attacks and it can spread more easily since exploits are usually limited to work on specific versions of the vulnerable software and operating system, while this RAT can spread on any system where Java runtime is installed. In fact, not only has the attack been simplified, but it has also become more stable and more virulent, it is a big upgrade."
Despite the troubling news Lelli confirmed there are protection tools available that can ward off the attack. "While this new attack is a little unusual, it can be detected and blocked like older ones. We advise our customers to update their definitions and to be very cautious when receiving suspicious emails," wrote Lelli.
The RAT is one of many evolved cyber attacks targeting UK networks. Most recently Olympic cyber security head Oliver Hoare revealed hackers targeted the electricity grid powering the London 2012 Olympics stadium on the eve of the opening ceremony.

DarkSeoul hacks on South Korea uncovered spying on nation's networks as far back as 2009

South Korea
The DarkSeoul hackers responsible for a wave of attacks on South Korea and the US military are part of a wider more dangerous hacking operation that has been in ongoing for four years, far longer than previously thought, according to McAfee.
McAfee reported uncovering evidence suggesting the group is involved in a larger hacking campaign that has been active since at least 2009, in its Dissecting Operation Troy: Cyber espionage in South Korea threat report.
"McAfee Labs has uncovered a sophisticated military spying network targeting South Korea that has been in operation since 2009," read the report.
"Our analysis shows this network is connected to the DarkSeoul incident. Furthermore, we have also determined that a single group has been behind a series of threats targeting South Korea since October 2009."
The firm cited similarities between the DarkSeoul attacks and malware used by a second team, operating under the New Romanic Cyber Army Team alias as proof of its claim. "The operation, all based on the same code, has attempted to infiltrate specific South Korean targets. We call this Operation Troy, based on the frequent use of the word Troy in the compile path strings in the malware. The prime suspect group in these attacks is the New Romanic Cyber Army Team, which makes frequent use of Roman and classical terms in their code," read the report.
The firm said the evidence suggests the public DarkSeoul attacks on broadcasters and banks, were likely smokescreens for the wider more dangerous espionage scheme targeting South Korea.
"McAfee Labs has found that there was more to the incident than what was widely reported. Our analysis has revealed a covert espionage campaign," read the report.
"McAfee Labs has determined that domestic espionage activities occurred before the March 20 attacks, most likely to gain intelligence regarding the targets to carry out further attacks (such as the March 20 incident) or to benefit the attackers in some other ways. This spying operation had remained hidden and only now has been discovered through diligent research and collaboration."
The hackers behind the operation are also believed to have had access to South Korean systems before mounting the attack.
"We also suspect the attackers had knowledge of the security software running within the environment before they wiped the systems, given that some of the variants used in the attack were made to look as if they were antimalware update files from before March 20. The attackers who conducted the operation remained hidden for a number of years prior to the March 20 incident by using a variety of custom tools," read the report.
Prior to McAfee's report, numerous security companies and law enforcement agencies have suggested the DarkSoul attacks were state sponsored. McAfee said its research could neither prove nor disprove this theory, but added that the hackers behaviour was consistent with that of attackers operating under the Anonymous hacktivist collective's banner.
"State sponsored or not, these attacks were crippling nonetheless. The overall tactics were not that sophisticated in comparison to what we have seen before," read the report.
"The main group behind the attack claims that a vast amount of personal information has been stolen. This type of tactic is consistent with Anonymous operations and others that fall within the hacktivist category, in which they announce and leak portions of confidential information."
The attacks listed is the report were originally believed to have started earlier this year, when hackers operating under the DarkSeoul alias claimed responsibility for a wave of attacks on several of the nation's banks and broadcasters.
The attackers returned later this year on the anniversary of the Korean War. The attacks have seen hackers target numerous South Korean government agencies with denial of service attacks. The DarkSeoul hackers are also believed to be responsible for a data breach allegedly revealing the names and personal details of 40,000 active US servicemen.

Facebook extends Graph Search rollout with US launch

The Facebook logo
Facebook is rolling out its Graph Search feature
Facebook is extending its Graph Search platform for users running the site in US English.
The company said that the update would improve the accuracy of Facebook's search functionality, allowing users better accuracy when searching for friends and tagged items.
The release will be limited to users running the US English version of Facebook, though further rollouts are planned.
First introduced in January, the Graph Search feature allows users to view results based on their personal activity and preferences. Based on feedback from users, the feature will analyze queries and activity to deliver unique results for each user.
“Graph Search results are personalized and unique for everyone, based on what has been shared with them. For example, if you search for "Photos of San Francisco," you'll see photos your friends took there and shared with you, as well as Public photos,” the company said in announcing the new feature.
“This means if someone else does the same search, they're going to see different results because they have different friends, and different photos have been shared with them.”
While Facebook has promoted Graph Search as a promising feature for users, privacy groups have expressed concern over how the new feature could impact users. The social networking giant has attempted to allays those fears by limiting the Graph Search service to constraints based on users' privacy settings.
In rolling out the new service, Facebook is advising users to check their privacy settings and limit access to the content Graph Search can access.

Iran Domestic Email Service Online

Iran Information and Communication Technology Minister Mohammad Hasan Nami  said in an interview with state TV that Iran has opened its own domestically made national email service.
Iranian local experts created the service's software and each Iranian will be assign an email address quoted Minister.
Iran has discussed for years having its own domestic email service as the government occasionally has blocked access to foreign email providers like Gmail and Yahoo.
The country also has blocked and made illegal virtual private networks that allow Iranians to freely use the Internet and access banned websites like those for opposition groups.
Official statistics suggest Iran, home to 75 million people, has some 32 million Internet users.

Snowden : The NSA and Israel wrote Stuxnet together.

Just before Edward Snowden became a world famous whistleblower, he answered an extensive catalog of questions. These came from, amongst others, Jacob Appelbaum, 30, a developer of encryption and security software. Appelbaum educates international human rights groups and journalists on how to work with the Internet in safe and anonymous way.
He became more publicly know in 2010, when he represented WikiLeaks founder Julian Assange speaking at a hacker conference in New York. Along with Assange and other co-authors he has recently published the interview recording "Cypher Punks: Our Freedom and the future of the Internet."
In the course of investigations into the WikiLeaks disclosures, Appelbaum came to the attention of American authorities, who demanded companies such as Twitter and Google to divulge his accounts. He himself describes his attitude to WikiLeaks as "ambivalent" - and describes below how it came about that he was able to ask Snowden these questions.
In mid-May I was contacted by the documentary-maker Laura Poitras. She told me, that at this time she was in contact with an anonymous NSA source, which had consented to be interviewed by her.
She put together questions and asked me to contribute questions. This was, among other reasons, to determine whether she was really dealing with a NSA whistleblower. We sent our questions via encrypted e-mails. I did not know that the interlocutor was Edward Snowden until he revealed himself as such in public in Hong Kong. He did not know who I was. I had expected that he was someone in their sixties.
The following is an excerpt from a extensive interview which dealt with further points, many of them technical in nature. Some of the questions now appear in a different order to understand the context.
The discussion focused almost exclusively on the activities of the National Security Agency. It is important to know that these questions were not asked as relating to the events of the past week or the last month.
They were entirely asked without any unrest, since, at that point, Snowden was still in Hawaii.
At a later stage I was again in direct contact with Snowden, at which time I also revealed my own my identity. He told me then that he gave consent to publish his statements.
Question: What is the mission of the National Security Agency (NSA) - and how is their job in accordance with the law?
Snowden: It is the mission of the NSA, to be aware of anything of importance going on outside of the United States. This is a considerable task, and the people there are convinced that not knowing everything about everyone could lead to some existential crisis. So, at some point, you believe it's all right is to bend the rules a little. Then, if people hate it that you can bend the rules, it suddenly becomes vital even to to break them.
Question: Are German authorities or politicians involved in the monitoring system ?
Snowden: Yes of course. They (the NSA people -- ed.) are in cahoots with the Germans, as well as with the most other Western countries. We (in the U.S. intelligence apparatus -- ed.) warn the others, when someone we want to catch, uses one of their airports - and they then deliver them to us.
The information on this, we can for example pull off of the monitored mobile phone of a suspected hacker’s girlfriend -- who used it in an entirely different country which has nothing to do with the case.
The other authorities do not ask us where got the leads, and we do not ask them anything either. That way, they can protect their political staff from any backlash if it came out how massive the global violation of people’s privacy is.
Question: But now as details of this system are revealed, who will be put before a court over this?
Snowden: Before U.S. courts? You're not serious, are you? When the last large wiretapping scandal was investigated - the interception without a court order, which concerned millions of communications - that should really have led to the longest prison sentences in world history. However, then our highest representatives simply stopped the investigation. The question, who is to be accused, is theoretical, if the laws themselves are not respected. Laws are meant for people like you or me - but not for them.
Question: Does the NSA cooperate with other states like Israel?
Snowden: Yes, all the time. The NSA has a large section for that, called the FAD - Foreign Affairs Directorate.
Question: Did the NSA help to write the Stuxnet program? (the malicious program used against the Iranian nuclear facilities -- ed.)
Snowden: The NSA and Israel wrote Stuxnet together.
Question: What are the major monitoring programs active today, and how do international partners  help the NSA?
Snowden: The partners in the "Five Eyes" (behind which are hidden the secret services of the Americans, the British, the Australians, New Zealanders and Canadians -- ed.) sometimes go even further than the NSA people themselves. Take the Tempora program of the British intelligence GCHQ for instance. Tempora is the first "I save everything" approach ("Full take") in the intelligence world. It sucks in all data, no matter what it is, and which rights are violated by it. This buffered storage allows for subsequent monitoring; not a single bit escapes. Right now, the system is capable of saving three days’ worth of traffic, but that will be optimized. Three days may perhaps not sound like a lot, but it's not just about connection metadata. "Full take" means that the system saves everything. If you send a data packet and if makes its way through the UK, we will get it. If you download anything, and the server is in the UK, then we get it. And if the data about your sick daughter is processed through a London call center, then ... Oh, I think you have understood.
Question: Can anyone escape?
Snowden: Well, if you had the choice, you should never send information over British lines or British servers. Send even the Queen’s selfies with her lifeguards would be recorded, if they existed.
Question: Do the NSA and its partners apply some kind of wide dragnet method to intercept phone calls, texts and data?
Snowden: Yes, but how much they can record, depends on the capabilities of the respective taps. Some data is held to be more worthwhile, and can therefore be recorded more frequently. But all this is rather a problem with foreign tapping nodes, less with those of the U.S. This makes the monitoring in their own territory so terrifying. The NSA’s options are practically limitless - in terms of computing power, space or cooling capacity for the computers.
Question: The NSA is building a new data center in Utah. What is it for?
Snowden: These are the new mass data storage facilities.
Question: For how long will the information there be stored?
Snowden: Right now it is still so, that the full text of collected material ages very quickly, within a few days, especially given its enormous amount. Unless an analyst marked a target or a particular communication. In that case the communication is saved for all eternity, one always get an authorization for that anyway. The metadata ages less quickly. The NSA at least wants all metadata to be stored forever. Often the metadata is more valuable than the contents of the communication, because in most cases, one can retrieve the content, if there is metadata. And if not, you mark all future communications that fits this metadata and is of interest, so that henceforth it will be recorded completely. The metadata tells you what you actually want from the broader stream.
Question: Do private companies help the NSA?
Snowden: Yes. But it's hard to prove that. The names of the cooperating telecom companies are the crown jewels of the NSA... Generally you can say that multinationals with headquarters in the USA should not be trusted until they prove otherwise. This is unfortunate, because these companies have the ability to deliver the world's best and most reliable services - if they wanted to. To facilitate this, civil rights movements should now use these revelations as a driving force. The Companies should write enforceable clauses into their terms, guaranteeing their clients that they are not being spied on. And they should include technical guarantees. If you could move even a single company to do such a thing, it would improve the security of global  communications. And when this appears to not be feasible, you should consider starting one such company yourself.
Q: Are there companies that refuse to to cooperate with the NSA?
Snowden: Yes, but I know nothing of a corresponding list that would meet this. However, there would surely be more companies of this type, if the companies working with the NSA would be punished by the customer. That should be the highest priority of all computer users who believe in the freedom of thoughts.
Question: What are the sites you should beware, if you do not want to become targeted by the NSA?
Snowden: Normally one is marked as a target because of a Facebook profile or because of your emails. The only place which I personally know where you can become a target without this specific labeling, are jihadist forums.
Question: What happens if the NSA has a user in its sights?
Snowden: The target person is completely monitored. An analyst will get a daily report about what has changed in the computer system of the targeted person. There will also be... packages with certain data which the automatic analysis systems have not understood, and so on. The analyst can then decide what he wants to do - the computer of the target person does not belong to them anymore, it then more or less belongs to the U.S. government.

Music artist Mos Def undergoes Guantanamo Bay feeding process

Wanted to know how it looks like if you are being force-fed in Guantanamo Bay? Well Mos Def has volunteered to show how this is done. The video can be shocking for some people.
As Ramadan begins, more than 100 hunger-strikers in Guantánamo Bay continue their protest. More than 40 of them are being force-fed. A leaked document sets out the military instructions, or standard operating procedure, for force-feeding detainees. In this four-minute film made by Human Rights organisation Reprieve and Bafta award-winning director Asif Kapadia, US actor and rapper Yasiin Bey (formerly known as Mos Def), experiences the procedure.

What is ​Ramadan

Ramadan is the ninth month of the Islamic calendar; Muslims worldwide observe this as a month of fasting. This annual observance is regarded as one of the Five Pillars of Islam.[4] The month lasts 29–30 days based on the visual sightings of the crescent moon, according to numerous biographical accounts compiled in hadiths. The word Ramadan comes from the Arabic root ramida or ar-ramad, which means scorching heat or dryness. Fasting is fardh (obligatory) for adult Muslims, except those who are ill, travelling, pregnant, diabetic or going through menstrual bleeding.
While fasting from dawn until sunset, Muslims refrain from consuming food, drinking liquids, smoking, and engaging in sexual relations; in some interpretations they also refrain from swearing. Food and drink is served daily, before sunrise and after sunset. According to Islam, the thawab (rewards) of fasting are many, but in this month they are believed to be multiplied.Fasting for Muslims during Ramadan typically includes the increased offering of salat (prayers) and recitation of the Quran.

Guantanamo​ Bay

Guantánamo Bay (Spanish: Bahía de Guantánamo) is a bay located in Guantánamo Province at the southeastern end of Cuba (19°54′N 75°9′WCoordinates19°54′N 75°9′W). It is the largest harbor on the south side of the island and it is surrounded by steep hills which create an enclave that is cut off from its immediate hinterland.
The United States assumed territorial control over the southern portion of Guantánamo Bay under the 1903 Cuban-American Treaty. The United States has complete jurisdiction and control over this territory, while Cuba retains ultimate sovereignty. The current government of Cuba regards the U.S. presence in Guantánamo Bay as illegal and insists the Cuban-American Treaty was obtained by threat of force in violation of international law. Some legal scholars judge that the lease may be voidable. It is the home of the Guantanamo Bay detention camp, which is governed by the United States.

Germany defends 'strictly legal' cooperation with NSA

Angela Merkel's government said on Monday that its cooperation with American intelligence was fully regulated by strict legal guidelines after a magazine reported that the U.S. National Security Agency was in close cahoots with German spies.
Germany's opposition, with an eye on September's election, when the chancellor will seek a third term, demanded that her government explain how much it knew about U.S. surveillance tactics ahead of talks with Washington about the NSA.
"In the light of the latest media reports, it is even more urgent to ask what Germany's secret services and above all what the Chancellery knew about eavesdropping activities," said the Social Democrats' (SPD) chancellor candidate, Peer Steinbrueck.
Der Spiegel's report that the NSA works with Germany and other Western states on a 'no questions asked'-basis undermines the chancellor's indignant talk of "Cold War" tactics revealed by former NSA contractor Edward Snowden.
"They are in bed with the Germans, just like with most other Western states," Snowden said in an interview in Der Spiegel.
"Other agencies don't ask us where we got the information from and we don't ask them," he said. "That way they can protect their top politicians from the backlash in case it emerges how massively people's privacy is abused worldwide."
Germany has publicly demanded explanations for Snowden's allegations of large-scale spying by the NSA, and by Britain via a program codenamed 'Tempora', on their allies including Germany and other European Union states, as well as EU institutions and embassies.
Merkel's spokesman Steffen Seibert told a news conference that talks between European Union and U.S. experts starting in Washington on Monday, in parallel to transatlantic free trade talks starting this week, should clarify the NSA's activities.
"The Federal Intelligence Agency (BND) cooperates within its legal framework with partner agencies, including for decades the NSA," he told a news conference. The BND is Germany's main overseas intelligence agency.
"In the fight against terrorist threats, we can only protect the population if we cooperate with others. This cooperation takes place within strict legal and judicial guidelines and is controlled by the competent parliamentary committee," he said.
Merkel has said Germany has avoided terrorist attacks thanks to tip-offs from its allies, while at the same time saying that U.S. and British snooping on close EU allies, if confirmed, would be unacceptable "Cold War" methodology.
She has spoken directly with President Barack Obama about the reports that the United States has bugged electronic communications and institutions in Germany and elsewhere in the EU, and is sending her interior minister to Washington this week.
Intelligence agencies are coordinated by Merkel's office and overseen by a parliamentary committee, whose deliberations - including testimony about the NSA from the head of the BND last week - are secret. Germany's domestic spy agency has said it did not know about such extensive U.S. and British eavesdropping.
But the opposition insists that Merkel or her chief of staff Ronald Pofalla, who coordinates the secret services, must have known more.
"The citizens of our country should be able to trust in the secret services respecting the law and their rights," said Steinbrueck. "All the facts must be put on the table."

Suspicions Growing Over Death of Journalist Probing NSA and CIA Abuses

Weeks after the fiery death of investigative journalist Michael Hastings, who was probing abuses by the CIA and NSA and had recently informed others that he was being investigated by federal authorities, suspicions about his mysterious car crash are still swirling around the Internet. While police officially ruled the death an “accident,” serious questions are still surfacing — even in the establishment media and among prominent officials. Based on e-mails Hastings sent out shortly before he died about working on a “big story” and needing to go “off the radar,” it has become clear that he was worried, too.
Hastings, who wrote for Rolling Stone, BuzzFeed, Gawker, and other publications, was probably best known for his award-winning 2010 article “The Runaway General.” The piece helped bring down U.S. Gen. Stanley McChrystal, commander of American and NATO forces in Afghanistan. Despite his establishment credentials and what analysts called his “Democrat-friendly” reporting, Hastings had become extremely alarmed about the “surveillance state” and other troubling developments in recent months. His last published story: "Why Democrats Love To Spy On Americans."
When the Obama administration was exposed spying on journalists earlier this year, the investigative reporter blasted what he referred to as the president’s “war” on journalism. "The Obama administration has clearly declared war on the press. It has declared war on investigative journalists — our sources," he said during a recent TV interview, blasting the administration’s lawless behavior, obsession with secrecy, and vicious persecution of whistleblowers. Beyond simple criticism, though, Hastings openly said it was time for journalists to fight back.
"I think the only recourse to this kind of behavior by the government is to say back to the government, 'we declare war on you,' and from this point forward, we should no longer — the media as a whole — cooperate in any manner with the government,” he continued. “We should withdraw all our cooperation and we should publish everything we know, because it's a free press, it's not a free-except-for-when-the-government-tells-me-to-do-it press, and we've been way too easygoing with these guys."
Less than 24 hours before his death, Hastings made it crystal clear that he was concerned about his own well-being. In an e-mail sent to numerous contacts and his employer, for example, Hastings noted: “The Feds are interviewing my ‘close friends and associates.’” He also said that if authorities show up, it “may be wise to immediately request legal counsel before any conversations or interviews about our news-gathering practices or related journalism issues.” The subject line read: “FBI investigation re: NSA.” Perhaps most alarming of all, the e-mail concluded with this: “Also: I'm onto a big story, and need to go off the rada[r] for a bit.”
While some friends and family members are reportedly too frightened to speak out, at least one recipient of the e-mail has gone public. Staff Sgt. Joseph Biggs, who became friends with Hastings while the journalist was embedded with his unit in Afghanistan in 2008, told KTLA that the “very panicked” message “alarmed me very much.” According to Biggs, “I just said it doesn’t seem like him. I don’t know, I just had this gut feeling and it just really bothered me.”
Biggs has spoken to Fox News and other major media outlets as well, saying Hastings was working on “the biggest story yet” about the CIA and that Hastings’ wife vowed to “take down whoever did this.” Apparently Hastings “drove like a grandma.” In an extended interview with radio host Alex Jones, Biggs also said he knew Hastings was receiving “death threats” from military brass. The retired staff sergeant added that he was extremely suspicious about his friend’s death and vowed to do everything in his power to find out what happened.
Heavy-hitters from the government sector have expressed concerns, too. Former U.S. National Coordinator for Security, Infrastructure Protection, and Counter-terrorism Richard Clarke, for example, told The Huffington Post in late June that the deadly car crash was “consistent with a car cyber-attack.” Intelligence agencies for major powers — including the U.S. government — almost certainly know how to remotely seize control of a car, he added.
"What has been revealed as a result of some research at universities is that it's relatively easy to hack your way into the control system of a car, and to do such things as cause acceleration when the driver doesn't want acceleration, to throw on the brakes when the driver doesn't want the brakes on, to launch an air bag," Clarke continued. "You can do some really highly destructive things now, through hacking a car, and it's not that hard…. So if there were a cyber-attack on the car — and I'm not saying there was — I think whoever did it would probably get away with it."
So far, the FBI has denied that it was investigating Hastings. However, on June 19, the day after the mysterious crash, WikiLeaks released what has been interpreted as a bomb-shell to some analysts monitoring the investigation. “Michael Hastings contacted WikiLeaks lawyer Jennifer Robinson just a few hours before he died, saying that the FBI was investigating him,” the whistleblowing organization said through its official Twitter account, sparking worldwide press coverage. The allegation has not been independently confirmed.
According to the official investigation of the crash, Hastings ran a red light and was driving over 100 miles per hour in his brand-new Mercedes in the early morning when he suddenly crashed into a tree, causing his car to burst into a bizarre fiery inferno. The engine was found more than 150 feet from the wreck. Local news outlets in California, meanwhile, are reporting that the police report is still not publicly available and that officials have been ordered not to comment on the case. The crash itself has also been ringing alarm bells among experts and analysts.
A TV reporter for San Diego 6, for example, recently took to the air and talked about her conversations with sources surrounding the crash after spending a day in Los Angeles investigating. Noting that the police report was not available, she said law enforcement and fire department officials refused to comment, with some saying they had been instructed not to say anything. “That kind of stands out; we look at the NSA, the government says if you have nothing to hide, don’t worry,” she said.
Military officials, meanwhile, told the news outlet that the fire was “extremely hot” and “not something we normally see,” the reporter continued. The fact that the engine was between 150 and 250 feet behind the car was also strange, according to university physics professors she spoke with — it should have been in front, if anything. Another interesting fact highlighted in the report: There were no skid marks at the accident scene.
Mercedes, she added, insists that their cars do not blow up. In fact, the company has a reputation for building some of the safest cars in the world, but Mercedes has not yet been contacted by authorities, according to a statement. Citing a 2010 study from a California university, the San Diego 6 reporter also noted that it is possible to “hack into the car system and operate the accelerator, the brakes, windshield wipers, light, steering,” and more using a simple iPad.
Car experts have also expressed skepticism about the official narrative. “I’m here to state that I’ve seen dozens of cars hit walls and stuff at high speeds and the number of them that I have observed to eject their powertrains and immediately catch massive fire is, um, ah, zero,” noted Jack Baruth, editor of The Truth About Cars. “Modern cars are very good at not catching fire in accidents. The Mercedes-Benz C-Class, which is an evolutionary design from a company known for sweating the safety details over and above the Euro NCAP requirements, should be leading the pack in the not-catching-on-fire category.”
“Nor is the C-Class known for sudden veering out of control into trees and whatnot,” continued Baruth, who has a professional racing license as well. “Mr. Hastings’ aggressively Democrat-friendly storytelling has the Internet already considering the idea that his death was engineered somehow. I can’t say it’s totally unlikely. As noted above, the reported (and videotaped) behavior of the C250 was not in line with what we’d expect.”  
It would not be the first time that a prominent journalist taking on the establishment has died under suspicious circumstances. Conservative-leaning alternative-media giant Andrew Breitbart, for example, promised to reveal information that would destroy the Obama machine. Shortly before the highly anticipated release, the 43-year-old died of “heart failure.” Two months later, the county coroner who conducted Breitbart’s autopsy was poisoned. Before that, investigative journalist Gary Webb, who exposed CIA cocaine trafficking, supposedly "committed suicide" with two bullets to the head after publicly expressing his concerns that he would be killed. The list could go on.
Of course, it is now common knowledge that the administration believes it can extra-judicially murder anyone — including Americans — whom Obama claims is a threat to the “Homeland.” No charges or trial are required, and indeed, the president has already openly murdered Americans like Anwar al Awlaki and his young son without even charging them with a crime — let alone securing a conviction by a jury in a court of law. Whether Hastings was murdered remains uncertain, but there is little doubt that the circumstances of his death were extremely suspicious.

Israelis warned infrastructure open to cyberstrikes

Israel's economic infrastructure, such as financial institutions, water companies, food factories and pharmaceutical manufacturers are wide open to cyber attack and need to take urgent steps to protect their computer systems, a leading think tank has warned.
Scores of these civilian targets constitute Israel's "soft underbelly" since they are not covered by government efforts to protect critical infrastructure, including military and security installations, says Gabi Siboni, program director of the Institute for National Security Studies' cyberwarfare program.
"Cyberdefense in the civilian arena is not being dealt with, in contrast to the defense sector, including defense industries, and scores of critical national infrastructures which receive regular guidelines on the issue from government departments," he told the business daily Globes.
"But telecommunications carriers, including Internet service providers and other entities with systems, which, if attacked, are liable to substantially disrupt service to a large clientele, are not defined by the government as critical infrastructures, and there's no authority [that] directs them how to prepare against a possible cyberattack.
"While dozens of critical national infrastructures are protected, someone deciding on an attack will prefer to focus his efforts on the soft underbelly, against those who are unprotected," Siboni said.
"The target could be the water company of a large city. Today, water companies and critical entities in the economy are not protected for such a situation because no one demands that they should be prepared."
Siboni's warning, which he will present at an INSS conference this week on the financial industry's preparedness for a cyberstrikes, comes amid major efforts by U.S., European and other governments to erect cyberdefenses around a comprehensive range of critical civilian infrastructure as the danger of crippling cyberattacks grows.
Recent disclosures of extensive electronic eavesdropping by U.S. intelligence on agencies of the European Union and other allies, including diplomatic missions, have heightened international concerns about the perils of cyberattacks.
The Financial Times said last week Europe "should transform itself into a data protection fortress."
Israel, which along with the United States has engaged Iran in an ongoing cyberwar largely aimed at sabotaging Tehran's nuclear program, has been in the forefront of building up cyberdefenses as the Iranians have struck back.
Prime Minister Binyamin Netanyahu has sought to accelerate the construction of these defenses, and says the Jewish state is hit by hundreds of cyberstrikes every month.
Syrian government loyalists have joined the onslaught in recent months as Israel has mounted airstrikes against Hezbollah targets in Syria amid the country's civil war.
On May 25, Israeli officials disclosed there had been a failed attack two weeks earlier on the water system in the northern city of Haifa, a major port and naval base. They said the attack originated in Syria in apparent retaliation for an Israeli airstrike earlier that month.
Yitzhak Ben-Yisrael, chairman of the National Council for Research and Development, said critical Israeli infrastructure such as the electricity and water industries and the stock exchange undergo hundreds of cyberattacks every week.
"The number of cyberattacks is huge," he said. "We're talking about an attack every moment. We have to constantly think about the upcoming threats."
In June, Netanyahu reported "a significant increase in the scope of cyberattacks on Israel by Iran. ... The targets are our vital national systems.
"In effect, aside from electricity, water, the railways and banks, every area that's open in economic life, not to mention defense, is a potential target for cyberattacks."
Netanyahu's previous government established a national cybercenter to help coordinate with the military and intelligence services to counter cyberattacks.
"Today, cyber is part of the battlefield," he declared. "This is not tomorrow's warfare -- it's already here today."
Iran, which has been on the receiving end of U.S. and Israeli cyberstrikes beginning with the notorious Stuxnet virus that crippled part of Tehran's uranium enrichment program in 2009-10, has been making a determined effort to enhance not only its cyberdefenses but its offensive capabilities as well.
A key catalyst for boosting cyberdefenses in the United States and its allies were two recent high-profile attacks, one against Saudi Arabia's oil industry, blamed on Iran, and an alleged North Korean attack on banks and media companies in South Korea.

Nintendo Fan Site Hacked; 24,000 Accounts Vulnerable

Almost 24,000 Nintendo accounts were hacked after cyber-criminals breached the company’s main fan site in Japan. The web site was hit by several illicit login attempts over the last month and hackers gained access to personal details such as real names, addresses, phone numbers and e-mails, according to a press release.
"There were scattered illicit attempts to login since June 9, but we became aware of the issue after the mass attempt on July 2," company spokesman Yasuhiro Minagawa said.
The gaming platform became aware of the security breach after discovering a large number of access errors on the fan site. Hackers apparently tried to access over 15.5 million accounts, but only managed to breach 23,926.
Nintendo suspended the illegally accessed accounts and urged users to change their passwords. The company’s global web site has about 4 million users in Japan.
Nintendo is not the only Japanese company to be hacked after mass login attempts. Hacked in April to June 2011, Sony is by far the most famous recent security attack.
After its Playstation network was shut down by LulzSec, Sony reportedly lost almost $171 million. More recently, game publisher Ubisoft also fell victim to a hacking attack, after cyber-crooks managed to steal users’ credentials and use them to illegally access the online network.